Comprehensive Data Privacy Law Brings Big Changes to Virginia, but Excludes Employee Personal Data

Virginia has joined California as the second state to enact a comprehensive data privacy law. On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. The VCDPA does not go into effect until January 1, 2023, but the broad privacy mandate will have an immediate impact on compliance efforts for many Virginia businesses.

Virginia Marijuana Bill to Bar Applicant Questions on Decriminalized Charges

On April 12, 2020, Virginia Governor Ralph Northam signaled his approval of—but has not yet signed—legislation (House Bill 972) that would decriminalize simple possession of marijuana. The impact of decriminalization on Virginia’s criminal process has been the highlight of the legislation, but the bill would also include restrictions that impact the application process for employers operating in the Commonwealth.

Virginia Places Additional Restrictions on Business Operations Due to COVID-19

On March 23, 2020, Virginia Governor Ralph Northam signed Executive Order No. 53 (EO-53), which restricts the operation of certain non-essential businesses including restaurants and recreational and entertainment businesses. The order goes into effect on March 24, 2020, at 11:59 p.m., and will remain in effect until at least 11:59 p.m. on April 23, 2020.

New York State Doubles Down on Data Privacy, Sets High Bar for “Reasonable Safety Standards”

On July 25, 2019, New York governor Andrew Cuomo signed into law two bills aimed at increasing the obligations of entities handling computerized private data. The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) expands the requirements for notifying affected parties in the event of a data breach and sets forth a demanding list of security measures that must be implemented to “maintain reasonable safeguards” to protect private information.